aboutsummaryrefslogtreecommitdiff
path: root/docs/curl.1
AgeCommit message (Collapse)Author
2016-11-28curl: remove --proxy-ssl* optionsDaniel Stenberg
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS proxy. Those protocols are insecure by design and deprecated.
2016-11-25add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}Frank Gevaerts
Adds access to the effectively used protocol/scheme to both libcurl and curl, both in string and numeric (CURLPROTO_*) form. Note that the string form will be uppercase, as it is just the internal string. As these strings are declared internally as const, and all other strings returned by curl_easy_getinfo() are de-facto const as well, string handling in getinfo.c got const-ified. Closes #1137
2016-11-25curl.1: the new --proxy options ship in 7.52.0Daniel Stenberg
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16curl.1: Clarify --dump-header only writes received headersJay Satiro
2016-11-15docs: the next release will be 7.52.0Kamil Dudka
2016-11-14curl: add --fail-earlyDaniel Stenberg
Exit with an error on the first transfer error instead of continuing to do the rest of the URLs. Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-11curl: Add --retry-connrefusedDaniel Hwang
to consider ECONNREFUSED as a transient error. Closes #1064
2016-11-07curl: introduce the --tlsv1.3 option to force TLS 1.3Kamil Dudka
Fully implemented with the NSS backend only for now. Reviewed-by: Ray Satiro
2016-11-07curl.1: explain the SMTP data expected for -TDaniel Stenberg
Fixes #1107 Reported-by: Adam Piggott
2016-11-01curl.1: typoDaniel Stenberg
2016-11-01curl.1: expand on how multiple uses of -o looksDaniel Stenberg
Suggested-by: Dan Jacobson Issue: https://github.com/curl/curl/issues/1097
2016-09-30curl.1: --trace supports % for sending to stderr!Daniel Stenberg
2016-09-21docs: Remove that --proto is just used for initial retrievalJay Satiro
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-09-04speed caps: not based on average speeds anymoreOlivier Brunel
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits with the cumulative average speed of the entire transfer; While this might work at times with good/constant connections, in other cases it can result to the limits simply being "ignored" for more than "short bursts" (as told in man page). Consider a download that goes on much slower than the limit for some time (because bandwidth is used elsewhere, server is slow, whatever the reason), then once things get better, curl would simply ignore the limit up until the average speed (since the beginning of the transfer) reached the limit. This could prove the limit useless to effectively avoid using the entire bandwidth (at least for quite some time). So instead, we now use a "moving starting point" as reference, and every time at least as much as the limit as been transferred, we can reset this starting point to the current position. This gets a good limiting effect that applies to the "current speed" with instant reactivity (in case of sudden speed burst). Closes #971
2016-08-28darwinssl: add documentation stating that the --cainfo option is intended ↵Nick Zitzmann
for backward compatibility only In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-06-22curl.1: the used progress meter suffix is k in lower caseDaniel Stenberg
Closes #883
2016-06-17curl.1: missed 'T' in the progress unit suffixesDaniel Stenberg
2016-06-17curl.1: mention the unix for the progress meterDaniel Stenberg
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-17docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVEDaniel Stenberg
2016-04-30curl.1: --mail-rcpt can be used multiple timesDaniel Stenberg
Reported-by: mgendre Closes #784
2016-04-29curl.1: document the deprecated --ftp-ssl optionDaniel Stenberg
2016-04-29curl.1: document --ntlm-wbDaniel Stenberg
2016-04-29curl.1: document the long format of -q: --disableDaniel Stenberg
2016-04-29curl.1: mention the deprecated --krb4 optionDaniel Stenberg
2016-04-29curl.1: document --ftp-ssl-reqdDaniel Stenberg
Even if deprecated, document it so that people will find it as old scripts may still use it.
2016-04-24PolarSSL: Implement public key pinningmoparisthebest
2016-04-18tool: add --tcp-fastopen optionAlessandro Ghedini
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-06curl.1: use example.com moreDaniel Stenberg
Make (most) example snippets use the example.com domain instead of the random ones picked and used before. Some of those were probably legitimate sites and some not. example.com is designed for this purpose.
2016-04-06curl.1: change example for -FTheodore Dubois
It's a bad idea to send your passwords anywhere, especially over HTTP. Modified example to send a picture instead. Fixes #752
2016-04-02curl.1: -w filename_effective was introduced in 7.26.0Daniel Stenberg
We never made a 7.25.1 release
2016-03-31http2: more documentation for prior knowledgeDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-02-23TFTP: add option to suppress TFTP option requests (Part 2)Jay Satiro
- Add tests. - Add an example to CURLOPT_TFTP_NO_OPTIONS.3. - Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS. Bug: https://github.com/curl/curl/issues/481
2016-02-18curl.1: HTTP headers for --cookie must be Set-Cookie styleJay Satiro
Bug: https://github.com/curl/curl/issues/666 Reported-by: baumanj@users.noreply.github.com
2016-02-18curl.1: add a missing dashDaniel Stenberg
2016-02-12curl.1: --disable-{eprt,epsv} are ignored for IPv6 hostsKamil Dudka
The behavior has been clarified in CURLOPT_FTP_USE_{EPRT,EPSV}.3 man pages since curl-7_12_3~131. This patch makes it clear in the curl.1 man page, too. Bug: https://bugzilla.redhat.com/1305970
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-02-02HTTPS: update a bunch of URLs from HTTP to HTTPSDaniel Stenberg
2016-01-29curl.1: Explain remote-name behavior if file already existsJay Satiro
.. also warn about letting the server pick the filename.
2015-12-15curl --expect100-timeout: addedDaniel Stenberg
This is the new command line option to set the value for the existing libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-11-06curl.1: remove the overlap --range exampleDaniel Stenberg
... it is just weird to include by default even if it still works.
2015-10-28curl.1: -E: s/private certificate/client certificateDaniel Stenberg
... as the certificate is strictly speaking not private. Reported-by: John Levon
2015-10-23curl.1: --ignore-content-length now works for FTP tooDaniel Stenberg
2015-09-03curl.1: update RFC referencesDaniel Stenberg
2015-09-03docs: Warn about any-domain cookies and multiple transfersJay Satiro
- Warn that cookies without a domain are sent to any domain: CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie - Note that imported Set-Cookie cookies without a domain are no longer exported: CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar
2015-08-22CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.